CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

OSV•added 2026/05/04 1:12 p.m.•1 views

JLSEC-2026-429 When doing TLS related transfers with reused easy or multi handles and altering the ...

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3CVSS6AI score0.0003EPSS

Exploits0References5

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в curl

When performing TLS-related transfers using reused easy or multi-handles, and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl may accidentally reuse a CA store cached in memory, where the partial chain option is reversed. This goes against the user’s wishes and expectations. As a result,...

5.3CVSS6AI score0.0003EPSS

Exploits0References1

OSV•added 2026/01/23 12:22 p.m.•6 views

OESA-2026-1195 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00067EPSS

Exploits3References5

Tenable Nessus•added 2026/01/19 12:0 a.m.•4 views

libcurl 7.87.0 < 8.18.0 OpenSSL partial chain store policy bypass (CVE-2025-14819)

The version of libcurl installed on the remote host is missing a security update. It is, therefore, affected by a improper certificate validation vulnerability. - When performing TLS transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could...

5.3CVSS6.9AI score0.0003EPSS

Exploits0References2

RedhatCVE•added 2026/01/18 11:20 a.m.•2 views

CVE-2025-14819

5.3CVSS6.6AI score0.0003EPSS

Exploits0References1

Snyk•added 2026/01/08 10:45 a.m.•0 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the handling of TLS transfers when reusing easy or multi handles and modifying the CURLSSLOPTNOPARTIALCHAIN option. An attacker can cause the application to accept an unintended trust chain by exploiti...

6.8CVSS5.8AI score0.0003EPSS

Exploits0References2

OSV•added 2026/01/08 10:15 a.m.•1 views

CVE-2025-14819

5.3CVSS5.5AI score0.0003EPSS

Exploits0References3

NVD•added 2026/01/08 10:15 a.m.•3 views

CVE-2025-14819

5.3CVSS0.0003EPSS

Exploits0References3

AlpineLinux•added 2026/01/08 10:7 a.m.•5 views

CVE-2025-14819

5.3CVSS6.3AI score0.0003EPSS

Exploits0References3

CVE•added 2026/01/08 10:7 a.m.•17 views

CVE-2025-14819

CVE-2025-14819 concerns libcurl. When performing TLS transfers with reused easy/multi handles and altering CURLSSLOPT_NO_PARTIALCHAIN, libcurl could reuse a CA store cached in memory where the partial-chain setting was reversed, causing it to accept a trust chain it would otherwise reject. This i...

5.3CVSS6AI score0.0003EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/01/08 10:7 a.m.•3 views

CVE-2025-14819

5.3CVSS6.8AI score0.0003EPSS

Exploits0

Vulnrichment•added 2026/01/08 10:7 a.m.•3 views

CVE-2025-14819 OpenSSL partial chain store policy bypass

6.2AI score0.0003EPSS

Exploits0References2

Cvelist•added 2026/01/08 10:7 a.m.•24 views

CVE-2025-14819 OpenSSL partial chain store policy bypass

0.0003EPSS

Exploits0References2

OSV•added 2026/01/07 8:0 a.m.•1 views

CURL-CVE-2025-14819 OpenSSL partial chain store policy bypass

5.3CVSS6.5AI score0.0003EPSS

Exploits0

UbuntuCve•added 2026/01/06 7:0 a.m.•1 views

CVE-2025-14819

5.3CVSS6.1AI score0.0003EPSS

Exploits0References3

OSV•added 2026/01/06 7:0 a.m.•2 views

UBUNTU-CVE-2025-14819

5.3CVSS5.8AI score0.0003EPSS

Exploits0References4

SUSE Linux•added 2024/12/11 8:30 a.m.•0 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Updated to 20.18.1: Experimental Network Inspection Support in Node.js Exposes X509VFLAGPARTIALCHAIN to tls.createSecureContext New...

5.6CVSS6.6AI score0.00067EPSS

Exploits0References4

OpenVAS•added 2021/07/13 12:0 a.m.•30 views

openSUSE: Security Advisory for curl (openSUSE-SU-2021:1762-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

3.1CVSS5.9AI score0.00137EPSS

Exploits1References2

OSV•added 2021/07/10 4:41 p.m.•4 views

OPENSUSE-SU-2021:1762-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure bsc1186114. - Allow partial chain verification jscSLE-17956 Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...

3.1CVSS4.8AI score0.00137EPSS

Exploits1References3

OPENSUSE Linux•added 2021/07/10 12:0 a.m.•51 views

Security update for curl (moderate)

openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2021:1762-1 Rating: moderate References: 1186114 SLE-17956 Cross-References: CVE-2021-22898 CVSS scores: CVE-2021-22898 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22898 SUSE: 5.3...

5.3CVSS6.4AI score0.00137EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by